Cisco Talos recently published an analysis of an EDR killer used by the #Qilin #ransomware gang. #ESETresearch tracks this threat as #CardSpaceKiller and we recently provided additional insights in our blog www.welivesecurity.com/en/eset-rese... 1/6
Posts by Aryeh Goretsky
#ESETresearch's Eric Howard will be presenting at Botconf. Join him in Reims, France to hear about “GopherWhisper, Uncovering an APT’s secrets through its own words” on Apr 15 at 17.15 CEST. For more information, check out www.botconf.eu/botconf-2026... 1/3
#ESETresearch has identified an Akira lookalike ransomware campaign targeting South America. The threat actor is using a Babuk-based encryptor that appends the .akira extension and drops a ransom note that mimics Akira both in Tor URLs and the overall content. 1/5
The ransom note is almost identical to Akira’s with some parts omitted. The crucial difference is the planted Tor link that is not under Akira’s control. The ransom note is also named ___________akira_readme.txt (the leading underscores are another difference from real Akira). 2/5
#ESETresearch has identified a Silver Fox campaign that actively takes advantage of the current annual tax filing and organizational change season in Japan, a period when companies generate a high volume of legitimate financial and HR-related comms. www.welivesecurity.com/en/business-... 1/8
If you had plans to upgrade your existing router, now might be a good time to do it.
I expect costs to go up as a result.
#ESETresearch analyzed more than 80 EDR killers, seen across real-world intrusions, and used ESET telemetry to document how these tools operate, who uses them, and how they evolve beyond simple driver abuse. www.welivesecurity.com/en/eset-rese... 1/6
Water Campaign
Between September 2024 and March 2025, Hydra Saiga conducted an extensive campaign targeting critical water infrastructure, research institutions, and government ministries. The targeting was specifically focused on infrastructure linked to the two major regional rivers: the Syr Darya and Amu Darya. This campaign led to compromises within:
The operator of hydroelectric power plants and the water resource service in Kyrgyzstan.
A regional administration, a research institute, and the Ministry of Water Resources in Uzbekistan.
The Ministry of Energy and Water Resources in Tajikistan.
Followed by a map of Central Asia with the locations of the rivers.
This is a long, very detailed analysis of a malware campaign by a Kazakhstan-aligned threat actor. But the most important bit, that says a lot about the world today, is the campaign's focus on critical water infrastructure www.vmray.com/hydra-saiga-...
#ESETresearch has analyzed the resurgence of Sednit – one of the most long‑running Russia‑aligned APT groups – now using a modern toolkit built around paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. www.welivesecurity.com/en/eset-rese... 1/5
Still waiting for book store pics, @sparklespanx.bsky.social.
#BREAKING #ESETresearch has discovered the first known Android malware to use generative AI in its execution flow; we have named it #PromptSpy. The malware abuses Google’s #Gemini to achieve persistence on the compromised device. www.welivesecurity.com/en/eset-rese... 1/6
One of the things I'm really big on is communities, and one that regularly polls its members generates interesting data. Here's an article I wrote about tech news site @neowin.net's software + hardware polls, looking at some of that data.
#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5
#ESETresearch has uncovered a new #Android spyware campaign using novel romance scam tactics to target individuals in 🇵🇰 Pakistan, with an added social engineering element previously unseen in similar schemes. www.welivesecurity.com/en/eset-rese... 1/9
#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5
In H2 2025, #ESETresearch saw a thirtyfold increase in #CloudEyE detections, amounting to more than 100,000 hits over the course of six months. CloudEyE is a #MaaS downloader and cryptor used to conceal and deploy other malware, such as #Rescoms, #Formbook, and #Agent Tesla. 1/5
Nice.
It was 25 years ago this month that Tribal Voice's PowWow messaging software shut down.
It is just an internet footnote now, but Tribal Voice, which was founded by John McAfee, invented much of the technology used by today's messaging software.
In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5
Yes, an Intel Core Ultra 3 series CPU. They were announced a couple of months ago: newsroom.intel.com/client-compu...
#ESETresearch has revisited CVE-2025-50165, a critical remote code execution vulnerability in the WindowsCodecs.dll library when processing JPG images, one of the most widely used image formats. www.welivesecurity.com/en/eset-rese... 1/6
Exactly the sort of thing Microsoft should be focusing on—under the hood performance improvements to Windows.
#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7
Russian GRU Orchestrated Cyberattacks on US Airports, Water Systems, and Food Supply, Newly Released Indictment Shows
united24media.com/latest-news/...
via @united24media.com
🔴 The US has unsealed an indictment revealing how Russian GRU hackers targeted critical infrastructure, including a Missouri regional airport, water facilities in Texas, Pennsylvania, and Indiana, and a California meat-packing plant.
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups www.justice.gov/opa/pr/justi...
Interesting. Seems ClickFix/Fake CAPTCHA scams are migrating to fake Windows Update messages:
old.reddit.com/r/antivirus/...
#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4
#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7
#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT. ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan”. 1/3